The Tasmanian government has admitted approximately 16,000 documents have been released online as part of an unfolding data breach, impacting invoices, names, addresses and bank statements of Tasmanian parents and students.

The data leak stems from a cyber attack on GoAnywhere MFT, a third-party file transfer service used by the Tasmanian Department of Education, Children and Young People.

After initially stating there was no confirmation of the department's information being stolen, Technology Minister Madeleine Ogilvie later confirmed on Good Friday that a range of sensitive financial data was accessed and released online.

The compromised documents reportedly include invoices, bank statements, information relating to student assistance applications, and the names and addresses of people connected to the department.

“We fully understand how concerning this development is to all Tasmanians, and we are already in the process of contacting anyone affected,” Ogilvie said.

“At this point in time, our advice is there are approximately 16,000 documents that have been released.

“The information released includes financial invoices and statements – including information relating to student assistance applications, and may include names and addresses,” the minister said.

A later update on the Education Department's website further revealed Tasmania's TAFE system, the state's Teachers Registration Board and the office of the Commissioner for Children and Young People have also been caught up in the breach.

The update said data relating to student names and their corresponding schools, home room and year group may have been accessed, as well as the bank account details and birth dates of TasTAFE students.

"Whilst we know your data has not been released yet, there is a likelihood that this may be published by the criminal group involved," the update read.

Ogilvie also admitted the number of affected documents may grow as government investigations continue.

She said the government had engaged the services of IDCare, Australia's national identity and cyber support service, which was largely employed during the landmark Optus and Medibank data breaches of 2022.

Furthermore, the minister said Tasmanian schools had been contacted regarding the data breach, and a dedicated hotline – 1800 567 567 – has been established to "provide Tasmanians with advice and support, should they need it."

Last week, as investigations were still developing, Ogilvie urged potentially affected Tasmanians to regularly check their bank accounts.

"We continue to urge people to stay alert for any suspicious financial activity or attempted scams," said Ogilvie.

“We will act immediately if there are any updates, and will keep the community informed at every step,” she added.

Cl0p ransom gang runs rampant

The data breach occurred sometime last month, and was confirmed on 31 March when the Tasmanian government conceded its data had been accessed.

The incident involved third-party file transfer service GoAnywhere MFT – software which has been at the centre of a recent string of attacks by Russia-linked ransom gang Cl0p.

These attacks stem from a zero-day vulnerability (CVE-2023-0669) found in the GoAnywhere software on 30 January, and later patched on 7 February.

The security flaw reportedly enabled attackers to gain remote code execution on unpatched instances of GoAnywhere MFT, and the Cl0p gang claims it has stolen data from more than 130 organisations after exploiting the bug, including mining giant Rio Tinto and gambling conglomerate Crown Resorts.

Ogilvie said the government was continuing to use GoAnywhere software as part of "best practice", after a patch was applied to address its vulnerabilities.

"The particular incident was over ... four days. A patch was applied, and that problem was remedied," she said.

"What we're dealing with now is information that was transferred during that window."

The latest updates from the state government say investigations are ongoing and are being assisted through an engagement with cyber security specialist CyberCX.